devise_security_extension 0.3.6 → 0.4.0

data/Gemfile

@@ -1,13 +1,14 @@
 source "http://rubygems.org"
 # Add dependencies required to use your gem here.
 # Example:
-gem "rails"
+gem "rails", "~> 3.0.0"
 gem "devise"
-gem "rails_email_validator"
 
 # Add dependencies to develop your gem here.
 # Include everything needed to run rake, tests, features, etc.
 group :development do
+  gem "rails_email_validator"
+  gem "easy_captcha"
   gem "bundler", "~> 1.0.0"
   gem "jeweler", "~> 1.5.2"
   gem "rcov", ">= 0"

data/Gemfile.lock

@@ -1,9 +1,20 @@
 GEM
   remote: http://rubygems.org/
   specs:
-    actionmailer (0.6.1)
-      actionpack (>= 0.9.5)
-    actionpack (1.4.0)
+    abstract (1.0.0)
+    actionmailer (3.0.7)
+      actionpack (= 3.0.7)
+      mail (~> 2.2.15)
+    actionpack (3.0.7)
+      activemodel (= 3.0.7)
+      activesupport (= 3.0.7)
+      builder (~> 2.1.2)
+      erubis (~> 2.6.6)
+      i18n (~> 0.5.0)
+      rack (~> 1.2.1)
+      rack-mount (~> 0.6.14)
+      rack-test (~> 0.5.7)
+      tzinfo (~> 0.3.23)
     activemodel (3.0.7)
       activesupport (= 3.0.7)
       builder (~> 2.1.2)
@@ -13,6 +24,9 @@ GEM
       activesupport (= 3.0.7)
       arel (~> 2.0.2)
       tzinfo (~> 0.3.23)
+    activeresource (3.0.7)
+      activemodel (= 3.0.7)
+      activesupport (= 3.0.7)
     activesupport (3.0.7)
     arel (2.0.10)
     bcrypt-ruby (2.1.4)
@@ -21,23 +35,53 @@ GEM
       bcrypt-ruby (~> 2.1.2)
       orm_adapter (~> 0.0.3)
       warden (~> 1.0.3)
+    easy_captcha (0.4.1)
+      rails (>= 3.0.0)
+      rails (>= 3.0.0)
+      rmagick
+      rmagick
+    erubis (2.6.6)
+      abstract (>= 1.0.0)
     git (1.2.5)
     i18n (0.5.0)
     jeweler (1.5.2)
       bundler (~> 1.0.0)
       git (>= 1.2.5)
       rake
+    mail (2.2.19)
+      activesupport (>= 2.3.6)
+      i18n (>= 0.4.0)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    mime-types (1.16)
     orm_adapter (0.0.5)
-    rack (1.3.0)
-    rails (0.9.5)
-      actionmailer (>= 0.6.1)
-      actionpack (>= 1.4.0)
-      activerecord (>= 1.6.0)
-      rake (>= 0.4.15)
+    polyglot (0.3.1)
+    rack (1.2.3)
+    rack-mount (0.6.14)
+      rack (>= 1.0.0)
+    rack-test (0.5.7)
+      rack (>= 1.0)
+    rails (3.0.7)
+      actionmailer (= 3.0.7)
+      actionpack (= 3.0.7)
+      activerecord (= 3.0.7)
+      activeresource (= 3.0.7)
+      activesupport (= 3.0.7)
+      bundler (~> 1.0)
+      railties (= 3.0.7)
     rails_email_validator (0.1.4)
       activemodel (>= 3.0.0)
-    rake (0.9.1)
+    railties (3.0.7)
+      actionpack (= 3.0.7)
+      activesupport (= 3.0.7)
+      rake (>= 0.8.7)
+      thor (~> 0.14.4)
+    rake (0.9.2)
     rcov (0.9.9)
+    rmagick (2.13.1)
+    thor (0.14.6)
+    treetop (1.4.9)
+      polyglot (>= 0.3.1)
     tzinfo (0.3.27)
     warden (1.0.4)
       rack (>= 1.0)
@@ -48,7 +92,8 @@ PLATFORMS
 DEPENDENCIES
   bundler (~> 1.0.0)
   devise
+  easy_captcha
   jeweler (~> 1.5.2)
-  rails
+  rails (~> 3.0.0)
   rails_email_validator
   rcov

data/README.rdoc

@@ -2,6 +2,13 @@
 
 an security extension for devise
 
+== Features
+
+* expire passwords (update password with current password)
+* strong password validation
+* save old passwords for check new passwords
+* captcha support for sign_up, sign_in, recover an unlock
+ 
 == Installation
 add to Gemfile
   gem 'devise_security_extension'
@@ -10,7 +17,7 @@ after bundle execute
   rails g devise_security_extension:install
 
 for :secure_validatable you need to add
-  gem 'rails_email_validator'
+  gem 'rails_email_validator' 
 
 == Configuration
 
@@ -27,11 +34,37 @@ for :secure_validatable you need to add
     # Deny old password (true, false, count)
     # config.deny_old_passwords = true
 
+    # captcha integration for recover form 
+    # config.captcha_for_recover = true
+  
+    # captcha integration for sign up form
+    # config.captcha_for_sign_up = true
+  
+    # captcha integration for sign in form
+    # config.captcha_for_sign_in = true
+  
+    # captcha integration for unlock form
+    # config.captcha_for_unlock = true
+    
+== Captcha-Support
+
+=== Installation
+
+1. add to Gemfile "gem 'easy_captcha'"
+2. install easy_captcha "rails g easy_captcha:install"
+3. enable captcha - see "Configuration"
+4. add captcha source in views of devise for each controller you have activate
+
+  <p><%= captcha_tag %></p>
+  <p><%= text_field_tag :captcha %></p>
+
+That's all!
+
 == Model modules
 
- * :password_expirable - activate that passwords will expire
- * :secure_validatable - better way to validate model. don't use with :validatable!!!
- * :password_archivable - save password in old_passwords for history checks
+* :password_expirable - activate that passwords will expire
+* :secure_validatable - better way to validate model. don't use with :validatable!!!
+* :password_archivable - save password in old_passwords for history checks
 
 == Schema
 
@@ -53,23 +86,15 @@ for :secure_validatable you need to add
 * devise (https://github.com/plataformatec/devise)
 * Rails 3 (http://github.com/rails/rails)
 
-== Features
-
- * expire passwords (update password with current password)
- * strong password validation
- * save old passwords for check new passwords
-
 == Todo
 
- * easy_captcha for registration
- * easy_captcha for password forgotten
- * easy_captcha for unlock instructions
- * disable inactive users after time
+* disable inactive users after time
 
 == History
- * 0.1 expire passwords
- * 0.2 strong password validation
- * 0.3 password archivable with validation
+* 0.1 expire passwords
+* 0.2 strong password validation
+* 0.3 password archivable with validation
+* 0.4 captcha support for sign_up, sign_in, recover an unlock
 
 == Maintainers
 

data/VERSION

@@ -1 +1 @@
-0.3.6
+0.4.0

data/config/locales/de.yml

@@ -1,9 +1,10 @@
 de:
   errors:
     messages:
-      taken_in_past: wurde bereits in der Vergangenheit verwendet!
-      equal_to_current_password: darf nicht dem aktuellen Passwort entsprechen!
+      taken_in_past: "wurde bereits in der Vergangenheit verwendet!"
+      equal_to_current_password: "darf nicht dem aktuellen Passwort entsprechen!"
   devise:
+    invalid_captcha: "Die Captchaeingabe ist nicht gültig!"
     password_expired:
       updated: "Das neue Passwort wurde übernommen."
-      change_required: Ihr Passwort ist abgelaufen. Bitte vergeben sie ein neues Passwort!
+      change_required: "Ihr Passwort ist abgelaufen. Bitte vergeben sie ein neues Passwort!"

data/config/locales/en.yml

@@ -1,9 +1,10 @@
 en:
   errors:
     messages:
-      taken_in_past: was already taken in the past!
-      equal_to_current_password: must be different to the current password!
+      taken_in_past: "was already taken in the past!"
+      equal_to_current_password: "must be different to the current password!"
   devise:
+    invalid_captcha: "The captcha input is not valid!"
     password_expired:
-      updated: Your new password is saved.
-      change_required: Your password is expired. Please renew your password!
+      updated: "Your new password is saved."
+      change_required: "Your password is expired. Please renew your password!"

data/devise_security_extension.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{devise_security_extension}
-  s.version = "0.3.6"
+  s.version = "0.4.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Marco Scholl"]
-  s.date = %q{2011-06-06}
+  s.date = %q{2011-06-07}
   s.description = %q{a gem for extend devise for more password security}
   s.email = %q{team@phatworx.de}
   s.extra_rdoc_files = [
@@ -37,6 +37,8 @@ Gem::Specification.new do |s|
     "lib/devise_security_extension/models/password_expirable.rb",
     "lib/devise_security_extension/models/secure_validatable.rb",
     "lib/devise_security_extension/orm/active_record.rb",
+    "lib/devise_security_extension/patches.rb",
+    "lib/devise_security_extension/patches/controller_captcha.rb",
     "lib/devise_security_extension/rails.rb",
     "lib/devise_security_extension/routes.rb",
     "lib/devise_security_extension/schema.rb",
@@ -58,24 +60,27 @@ Gem::Specification.new do |s|
     s.specification_version = 3
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<rails>, [">= 0"])
+      s.add_runtime_dependency(%q<rails>, ["~> 3.0.0"])
       s.add_runtime_dependency(%q<devise>, [">= 0"])
-      s.add_runtime_dependency(%q<rails_email_validator>, [">= 0"])
+      s.add_development_dependency(%q<rails_email_validator>, [">= 0"])
+      s.add_development_dependency(%q<easy_captcha>, [">= 0"])
       s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
       s.add_development_dependency(%q<jeweler>, ["~> 1.5.2"])
       s.add_development_dependency(%q<rcov>, [">= 0"])
     else
-      s.add_dependency(%q<rails>, [">= 0"])
+      s.add_dependency(%q<rails>, ["~> 3.0.0"])
       s.add_dependency(%q<devise>, [">= 0"])
       s.add_dependency(%q<rails_email_validator>, [">= 0"])
+      s.add_dependency(%q<easy_captcha>, [">= 0"])
       s.add_dependency(%q<bundler>, ["~> 1.0.0"])
       s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
       s.add_dependency(%q<rcov>, [">= 0"])
     end
   else
-    s.add_dependency(%q<rails>, [">= 0"])
+    s.add_dependency(%q<rails>, ["~> 3.0.0"])
     s.add_dependency(%q<devise>, [">= 0"])
     s.add_dependency(%q<rails_email_validator>, [">= 0"])
+    s.add_dependency(%q<easy_captcha>, [">= 0"])
     s.add_dependency(%q<bundler>, ["~> 1.0.0"])
     s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
     s.add_dependency(%q<rcov>, [">= 0"])

data/lib/devise_security_extension.rb

@@ -5,7 +5,7 @@ require 'active_support/ordered_hash'
 require 'active_support/concern'
 require 'devise'
 
-module Devise # :nodoc:
+module Devise # :nodoc:  
 
   # Should the password expire (e.g 3.months)
   mattr_accessor :expire_password_after
@@ -22,22 +22,48 @@ module Devise # :nodoc:
   # Deny old password (true, false, count)
   mattr_accessor :deny_old_passwords
   @@deny_old_passwords = true
+
+  # enable email validation for :secure_validatable. (true, false, validation_options)
+  # dependency: need an email validator like rails_email_validator
+  mattr_accessor :email_validation
+  @@email_validation = true
+  
+  # captcha integration for recover form
+  mattr_accessor :captcha_for_recover
+  @@captcha_for_recover = false
+  
+  # captcha integration for sign up form
+  mattr_accessor :captcha_for_sign_up
+  @@captcha_for_sign_up = false
+  
+  # captcha integration for sign in form
+  mattr_accessor :captcha_for_sign_in
+  @@captcha_for_sign_in = false
+  
+  # captcha integration for unlock form
+  mattr_accessor :captcha_for_unlock
+  @@captcha_for_unlock = false
+  
 end
 
 # an security extension for devise
 module DeviseSecurityExtension
   autoload :Schema, 'devise_security_extension/schema'
+  autoload :Patches, 'devise_security_extension/patches'
 
   module Controllers # :nodoc:
     autoload :Helpers, 'devise_security_extension/controllers/helpers'
   end
 end
 
+# modules
 Devise.add_module :password_expirable, :controller => :password_expirable, :model => 'devise_security_extension/models/password_expirable', :route => :password_expired
 Devise.add_module :secure_validatable, :model => 'devise_security_extension/models/secure_validatable'
 Devise.add_module :password_archivable, :model => 'devise_security_extension/models/password_archivable'
 
+# requires
 require 'devise_security_extension/routes'
 require 'devise_security_extension/rails'
 require 'devise_security_extension/orm/active_record'
 require 'devise_security_extension/models/old_password'
+

data/lib/devise_security_extension/controllers/helpers.rb

@@ -6,7 +6,23 @@ module DeviseSecurityExtension
       included do
         before_filter :handle_password_change
       end
+      
+      module ClassMethods
+        # helper for captcha
+        def init_recover_password_captcha
+          p "init"
+          p self.inspect
+          
+          include RecoverPasswordCaptcha
+        end        
+      end
 
+      module RecoverPasswordCaptcha
+        def new
+          p "Check here captcha"
+          super
+        end
+      end
 
       # controller instance methods
       module InstanceMethods

data/lib/devise_security_extension/models/secure_validatable.rb

@@ -11,7 +11,6 @@ module Devise
     #   * +password_regex+: need strong password. Defaults to /(?=.*\d)(?=.*[a-z])(?=.*[A-Z])/
     #
     module SecureValidatable
-
       def self.included(base)
         base.extend ClassMethods
         assert_secure_validations_api!(base)
@@ -23,8 +22,8 @@ module Devise
 
           # validates email
           validates :email, :presence => true, :if => :email_required?
-          validates :email, :email => true # use rails_email_validator
-
+          validates :email, :email => email_validation if email_validation # use rails_email_validator or similar
+          
           # validates password
           validates :password, :presence => true, :length => password_length, :format => password_regex, :confirmation => true, :if => :password_required?
 
@@ -39,10 +38,10 @@ module Devise
 
       def current_equal_password_validation
         if not self.new_record? and not self.encrypted_password_change.nil?
-          dummy = self.class.new
-          dummy.encrypted_password = self.encrypted_password_change.first
-          dummy.password_salt = self.password_salt_change.first if self.respond_to? :password_salt_change and not self.password_salt_change.nil?
-          self.errors.add(:password, :equal_to_current_password) if dummy.valid_password?(self.password)
+        dummy = self.class.new
+        dummy.encrypted_password = self.encrypted_password_change.first
+        dummy.password_salt = self.password_salt_change.first if self.respond_to? :password_salt_change and not self.password_salt_change.nil?
+        self.errors.add(:password, :equal_to_current_password) if dummy.valid_password?(self.password)
         end
       end
 
@@ -60,7 +59,7 @@ module Devise
       end
 
       module ClassMethods
-        Devise::Models.config(self, :password_regex, :password_length)
+        Devise::Models.config(self, :password_regex, :password_length, :email_validation)
       end
     end
   end

data/lib/devise_security_extension/patches.rb

@@ -0,0 +1,14 @@
+module DeviseSecurityExtension
+  module Patches
+    autoload :ControllerCaptcha, 'devise_security_extension/patches/controller_captcha'
+    
+    class << self
+      def apply
+        Devise::PasswordsController.send(:include, Patches::ControllerCaptcha) if Devise.captcha_for_recover
+        Devise::UnlocksController.send(:include, Patches::ControllerCaptcha) if Devise.captcha_for_unlock
+        Devise::RegistrationsController.send(:include, Patches::ControllerCaptcha) if Devise.captcha_for_sign_up
+        Devise::SessionsController.send(:include, Patches::ControllerCaptcha) if Devise.captcha_for_sign_in
+      end
+    end
+  end
+end

data/lib/devise_security_extension/patches/controller_captcha.rb

@@ -0,0 +1,21 @@
+module DeviseSecurityExtension::Patches
+  # patch passwords controller for captcha
+  module ControllerCaptcha
+    extend ActiveSupport::Concern
+    included do
+    # here the patch
+
+      alias_method :create_without_captcha_check, :create
+      define_method :create do
+        if valid_captcha? params[:captcha]
+          create_without_captcha_check
+        else
+          build_resource
+          clean_up_passwords(resource)
+          flash[:alert] = I18n.translate('devise.invalid_captcha')
+          render_with_scope :new
+        end
+      end
+    end
+  end
+end

data/lib/devise_security_extension/rails.rb

@@ -3,5 +3,10 @@ module DeviseSecurityExtension
     ActiveSupport.on_load(:action_controller) do
       include DeviseSecurityExtension::Controllers::Helpers
     end
+    
+    ActionDispatch::Callbacks.to_prepare do
+      DeviseSecurityExtension::Patches.apply
+    end
+
   end
 end

data/lib/generators/devise_security_extension/install_generator.rb

@@ -15,7 +15,10 @@ module DeviseSecurityExtension
         "  # How often save old passwords in archive\n" +
         "  # config.password_archiving_count = 5\n\n" +
         "  # Deny old password (true, false, count)\n" +
-        "  # config.deny_old_passwords = true" +
+        "  # config.deny_old_passwords = true\n\n" +
+        "  # enable email validation for :secure_validatable. (true, false, validation_options)\n" +
+        "  # dependency: need an email validator like rails_email_validator\n" +
+        "  # config.email_validation = true" +
         "\n", :before => /end[ |\n|]+\Z/
       end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: devise_security_extension
 version: !ruby/object:Gem::Version
-  version: 0.3.6
+  version: 0.4.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,23 +9,23 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2011-06-06 00:00:00.000000000 +02:00
+date: 2011-06-07 00:00:00.000000000 +02:00
 default_executable: 
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
-  requirement: &24659860 !ruby/object:Gem::Requirement
+  requirement: &26315300 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.0.0
   type: :runtime
   prerelease: false
-  version_requirements: *24659860
+  version_requirements: *26315300
 - !ruby/object:Gem::Dependency
   name: devise
-  requirement: &24659380 !ruby/object:Gem::Requirement
+  requirement: &26314820 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -33,21 +33,32 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *24659380
+  version_requirements: *26314820
 - !ruby/object:Gem::Dependency
   name: rails_email_validator
-  requirement: &24658900 !ruby/object:Gem::Requirement
+  requirement: &26314340 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
-  type: :runtime
+  type: :development
+  prerelease: false
+  version_requirements: *26314340
+- !ruby/object:Gem::Dependency
+  name: easy_captcha
+  requirement: &26313860 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
   prerelease: false
-  version_requirements: *24658900
+  version_requirements: *26313860
 - !ruby/object:Gem::Dependency
   name: bundler
-  requirement: &24658420 !ruby/object:Gem::Requirement
+  requirement: &26313380 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -55,10 +66,10 @@ dependencies:
         version: 1.0.0
   type: :development
   prerelease: false
-  version_requirements: *24658420
+  version_requirements: *26313380
 - !ruby/object:Gem::Dependency
   name: jeweler
-  requirement: &24657940 !ruby/object:Gem::Requirement
+  requirement: &26312900 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -66,10 +77,10 @@ dependencies:
         version: 1.5.2
   type: :development
   prerelease: false
-  version_requirements: *24657940
+  version_requirements: *26312900
 - !ruby/object:Gem::Dependency
   name: rcov
-  requirement: &24657460 !ruby/object:Gem::Requirement
+  requirement: &26312420 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -77,7 +88,7 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *24657460
+  version_requirements: *26312420
 description: a gem for extend devise for more password security
 email: team@phatworx.de
 executables: []
@@ -106,6 +117,8 @@ files:
 - lib/devise_security_extension/models/password_expirable.rb
 - lib/devise_security_extension/models/secure_validatable.rb
 - lib/devise_security_extension/orm/active_record.rb
+- lib/devise_security_extension/patches.rb
+- lib/devise_security_extension/patches/controller_captcha.rb
 - lib/devise_security_extension/rails.rb
 - lib/devise_security_extension/routes.rb
 - lib/devise_security_extension/schema.rb
@@ -128,7 +141,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 669408536488345234
+      hash: 1577265530715182103
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements: